CVE-2012-3450

Priority
Description
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x
before 5.4.4 does not properly determine the end of the query string during
parsing of prepared statements, which allows remote attackers to cause a
denial of service (out-of-bounds read and application crash) via a crafted
parameter value.
Assigned-to
mdeslaur
Notes
mdeslaur: pdo_sql_parser.re generates pdo_sql_parser.c, so both need to be
patched.
More Information

Updated: 2020-09-10 02:11:12 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)